[wallet-ui] Login fail should happen before signature sent #1317

ldct · 2019-04-17T09:27:42Z

No description provided.

snario · 2019-05-08T19:50:11Z

@ebryn this is an important security thing. We should check if there is a user first before signing a message and sending it to the server.

joelalejandro · 2019-08-15T05:02:19Z

@snario I think the Wallet UI has dragged the same unsafe implementation.

If I understand correctly, the protocol would be:

See if there is a user with the Metamask's ethAddress registered.
If the user exists on the database, request the signature. If not, return an error and not request the signature.
If the signature is valid, allow the user to login.

ldct changed the title ~~Login fail should happen before signature sent~~ [playground] Login fail should happen before signature sent Apr 17, 2019

snario closed this as completed May 8, 2019

ldct reopened this May 8, 2019

joelalejandro self-assigned this Aug 15, 2019

joelalejandro added 🐞 Bug 📦 Wallet UI code related to packages/wallet-ui 🛡️ Security labels Aug 15, 2019

joelalejandro added this to the 👽 Grunty milestone Aug 15, 2019

joelalejandro changed the title ~~[playground] Login fail should happen before signature sent~~ [wallet-ui] Login fail should happen before signature sent Aug 15, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[wallet-ui] Login fail should happen before signature sent #1317

[wallet-ui] Login fail should happen before signature sent #1317

ldct commented Apr 17, 2019

snario commented May 8, 2019

joelalejandro commented Aug 15, 2019

[wallet-ui] Login fail should happen before signature sent #1317

[wallet-ui] Login fail should happen before signature sent #1317

Comments

ldct commented Apr 17, 2019

snario commented May 8, 2019

joelalejandro commented Aug 15, 2019